r509-ocsp-responder 0.3.2 → 0.3.3

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: a48e0631999d2b44f57298b331a076902452112f
+  data.tar.gz: 614699817a65eab0bada510b448730ce42c415df
+SHA512:
+  metadata.gz: 0825e1ad4a32d96ec4a973f0d508ade1ded4f25592abc3e59f112dffcaa9b7f4bed8d5915e43c8c57ba468d36bb48f71b3287312991f9557fade1d31711dfb4d
+  data.tar.gz: 77f96bc36bdb923f321fbc4d5ae2e5bfe9b88e96ab261b0ddfac822ae970cb3edb26091ecd60da4a4d742773bd370c93f676879ecfcd44ffe2ea8d0ad9eabcba

checksums.yaml.gz.sig

@@ -0,0 +1,2 @@
+|�؄�sl1�j�82~��,c>U�5�Fn��
+:�f/W}��"W����f�/��i�ٜE6�x���|�a��

data/README.md

@@ -1,9 +1,9 @@
-#r509-ocsp-responder [![Build Status](https://secure.travis-ci.org/reaperhulk/r509-ocsp-responder.png)](http://travis-ci.org/reaperhulk/r509-ocsp-responder)
-r509-ocsp-responder is an OCSP responder written using [r509](https://github.com/reaperhulk/r509) and Sinatra to conform to RFC [2560](http://www.ietf.org/rfc/rfc2560.txt) and [5019](http://www.ietf.org/rfc/rfc5019.txt).
+#r509-ocsp-responder [![Build Status](https://secure.travis-ci.org/r509/r509-ocsp-responder.png)](http://travis-ci.org/r509/r509-ocsp-responder) [![Coverage Status](https://coveralls.io/repos/r509/r509-ocsp-responder/badge.png)](https://coveralls.io/r/r509/r509-ocsp-responder)
+r509-ocsp-responder is an OCSP responder written using [r509](https://github.com/r509/r509) and Sinatra to conform to RFC [2560](http://www.ietf.org/rfc/rfc2560.txt) and [5019](http://www.ietf.org/rfc/rfc5019.txt).
 
 ##Requirements
 
-r509-ocsp-responder depends on [r509](https://github.com/reaperhulk/r509), [redis](http://redis.io), [r509-validity-redis](https://github.com/sirsean/r509-validity-redis) (or another library that implements R509::Validity), [sinatra](http://sinatrarb.com), and [dependo](https://github.com/sirsean/dependo). Optionally, you can install [r509-ocsp-stats](https://github.com/sirsean/r509-ocsp-stats) for stats collection. These must be installed as gems.
+r509-ocsp-responder depends on [r509](https://github.com/r509/r509), [redis](http://redis.io), [r509-validity-redis](https://github.com/sirsean/r509-validity-redis) (or another library that implements R509::Validity such as [r509-validity-crl](https://github.com/r509/r509-validity-crl)), [sinatra](http://sinatrarb.com), and [dependo](https://github.com/sirsean/dependo). Optionally, you can install [r509-ocsp-stats](https://github.com/sirsean/r509-ocsp-stats) for stats collection. These must be installed as gems.
 
 ##Basic Usage
 
@@ -11,7 +11,7 @@ r509-ocsp-responder depends on [r509](https://github.com/reaperhulk/r509), [redi
 If you have cloned the repo you can build the gem with ```rake gem:build``` and install with ```rake gem:install``` . Alternately you can use a prebuilt gem by typing ```gem install r509-ocsp-responder``` .
 
 ###Set Up config.ru
-Save the below into a config.ru (or rackup) file
+Save the below into a config.ru file
 
 ```ruby
 require "r509"
@@ -50,61 +50,51 @@ run responder
 The config.yaml contains certificate authority nodes as well as options like copy_nonce (documented below). Each CA node has an arbitrary name like test_ca and contains a ca_cert and (optional) ocsp_cert node. If you want to sign OCSP responses directly from your root you'll set your config up like this:
 
 ```yaml
+---
 copy_nonce: true
 cache_headers: true
 max_cache_age: 60
-certificate_authorities: {
-  second_ca: {
-    ca_cert: {
-      cert: "spec/fixtures/second_ca.cer",
-      key: "spec/fixtures/second_ca.key"
-    }
-  }
-}
+certificate_authorities:
+  second_ca:
+    ca_cert:
+      cert: spec/fixtures/second_ca.cer
+      key: spec/fixtures/second_ca.key
 ```
 
 If you want to use an OCSP delegate
 
 ```yaml
+---
 copy_nonce: true
 cache_headers: true
 max_cache_age: 60
-certificate_authorities: {
-  test_ca: {
-    ca_cert: {
-      cert: "spec/fixtures/test_ca.cer"
-    },
-    ocsp_cert: {
-      cert: "spec/fixtures/test_ca_ocsp.cer",
-      key: "spec/fixtures/test_ca_ocsp.key"
-    }
-  }
-}
+certificate_authorities:
+  test_ca:
+    ca_cert:
+      cert: spec/fixtures/test_ca.cer
+    ocsp_cert:
+      cert: spec/fixtures/test_ca_ocsp.cer
+      key: spec/fixtures/test_ca_ocsp.key
 ```
 
 Finally, if you're responding for multiple roots you specify them like so:
 
 ```yaml
+---
 copy_nonce: true
 cache_headers: true
 max_cache_age: 60
-certificate_authorities: {
-  test_ca: {
-    ca_cert: {
-      cert: "spec/fixtures/test_ca.cer"
-    },
-    ocsp_cert: {
-      cert: "spec/fixtures/test_ca_ocsp.cer",
-      key: "spec/fixtures/test_ca_ocsp.key"
-    }
-  },
-  second_ca: {
-    ca_cert: {
-      cert: "spec/fixtures/second_ca.cer",
-      key: "spec/fixtures/second_ca.key"
-    }
-  }
-}
+certificate_authorities:
+  test_ca:
+    ca_cert:
+      cert: spec/fixtures/test_ca.cer
+    ocsp_cert:
+      cert: spec/fixtures/test_ca_ocsp.cer
+      key: spec/fixtures/test_ca_ocsp.key
+  second_ca:
+    ca_cert:
+      cert: spec/fixtures/second_ca.cer
+      key: spec/fixtures/second_ca.key
 ```
 
 ###Configure Thin & nginx
@@ -165,8 +155,8 @@ This OCSP responder supports several optional flags (in addition to supporting a
 ##Signals
 You can send a kill -USR2 signal to any running r509-ocsp-responder process to cause it to reload and print its config to the logs (provided your app server isn't trapping USR2 first).
 
+##Support
+You can file bugs on GitHub or join the #r509 channel on irc.freenode.net to ask questions.
+
 ##Running Tests
 You'll need rspec, rake, and rack-test to run the tests. With these gems in place run ```rake spec```
-
-##Future Ideas
-* Devise a mechanism for doing automated OCSP delegate certificate renewal

data/Rakefile

@@ -7,12 +7,6 @@ RSpec::Core::RakeTask.new(:spec) do
     ENV['RACK_ENV'] = 'test'
 end
 
-desc 'Run all rspec tests with rcov (1.8 only)'
-RSpec::Core::RakeTask.new(:rcov) do |t|
-    t.rcov_opts =  %q[--exclude "spec,gems"]
-    t.rcov = true
-end
-
 namespace :gem do
     desc 'Build the gem'
     task :build do

data/lib/r509/ocsp/responder/version.rb

@@ -1,7 +1,7 @@
 module R509
   module OCSP
     module Responder
-      VERSION="0.3.2"
+      VERSION="0.3.3"
     end
   end
 end

data/spec/fixtures.rb

@@ -54,12 +54,11 @@ module TestFixtures
   end
 
   def self.test_ca_server_profile
-    R509::Config::CAProfile.new(
-        :basic_constraints => { "ca" => false },
-        :key_usage => ["digitalSignature","keyEncipherment"],
-        :extended_key_usage => ["serverAuth"]
+    R509::Config::CertProfile.new(
+        :basic_constraints => { :ca => false },
+        :key_usage => { :value => ["digitalSignature","keyEncipherment"] },
+        :extended_key_usage => { :value => ["serverAuth"] }
     )
-
   end
 
   def self.second_ca_cert
@@ -67,12 +66,11 @@ module TestFixtures
   end
 
   def self.second_ca_server_profile
-    R509::Config::CAProfile.new(
-        :basic_constraints => { "ca" => false },
-        :key_usage => ["digitalSignature","keyEncipherment"],
-        :extended_key_usage => ["serverAuth"]
+    R509::Config::CertProfile.new(
+        :basic_constraints => { :ca => false },
+        :key_usage => { :value => ["digitalSignature","keyEncipherment"] },
+        :extended_key_usage => { :value => ["serverAuth"] }
     )
-
   end
 
   # @return [R509::Config::CAConfig]

data/spec/server_spec.rb

@@ -261,7 +261,7 @@ describe R509::OCSP::Responder::Server do
     Dependo::Registry[:cache_headers] = true
 
     now = Time.now
-    Time.stub!(:now).and_return(now)
+    Time.stub(:now).and_return(now)
 
     @redis.should_receive(:hgetall).with("cert:/C=US/ST=Illinois/L=Chicago/O=R509, Ltd/CN=R509 Secondary Test CA:773553085290984246110251380739025914079776985795").and_return({"status" => R509::Validity::VALID})
     @stats.should_receive(:record).with("/C=US/ST=Illinois/L=Chicago/O=R509, Ltd/CN=R509 Secondary Test CA", "773553085290984246110251380739025914079776985795", "VALID")
@@ -280,13 +280,13 @@ describe R509::OCSP::Responder::Server do
     Dependo::Registry[:cache_headers] = false
 
     now = Time.now
-    Time.stub!(:now).and_return(now)
+    Time.stub(:now).and_return(now)
 
     @redis.should_receive(:hgetall).with("cert:/C=US/ST=Illinois/L=Chicago/O=R509, Ltd/CN=R509 Secondary Test CA:773553085290984246110251380739025914079776985795").and_return({"status" => R509::Validity::VALID})
     @stats.should_receive(:record).with("/C=US/ST=Illinois/L=Chicago/O=R509, Ltd/CN=R509 Secondary Test CA", "773553085290984246110251380739025914079776985795", "VALID")
 
     get '/MFYwVDBSMFAwTjAJBgUrDgMCGgUABBT1kOLWHXbHiKP3sVPVxVziq%2FMqIwQUP8ezIf8yhMLgHnccSKJLQdhDaVkCFQCHf1HsjUAACwcp3qQL4IxclfXSww%3D%3D'
-    ocsp_response = R509::OCSP::Response.parse(last_response.body)
+    R509::OCSP::Response.parse(last_response.body)
     last_response.headers.size.should == 2
   end
 
@@ -294,13 +294,13 @@ describe R509::OCSP::Responder::Server do
     Dependo::Registry[:cache_headers] = true
 
     now = Time.now
-    Time.stub!(:now).and_return(now)
+    Time.stub(:now).and_return(now)
 
     @redis.should_receive(:hgetall).with("cert:/C=US/ST=Illinois/L=Chicago/O=Ruby CA Project/CN=Test CA:872625873161273451176241581705670534707360122361").and_return({"status" => R509::Validity::VALID})
     @stats.should_receive(:record).with("/C=US/ST=Illinois/L=Chicago/O=Ruby CA Project/CN=Test CA", "872625873161273451176241581705670534707360122361", "VALID")
 
     get '/MHsweTBSMFAwTjAJBgUrDgMCGgUABBQ4ykaMB0SN9IGWx21tTHBRnmCnvQQUeXW7hDrLLN56Cb4xG0O8HCpNU1gCFQCY2eXAtMNzVS33fF0PHrUSjklF%2BaIjMCEwHwYJKwYBBQUHMAECBBIEEDTJniOQonxCRmmHAHCVstw%3D'
-    ocsp_response = R509::OCSP::Response.parse(last_response.body)
+    R509::OCSP::Response.parse(last_response.body)
     last_response.headers.size.should == 2
   end
 
@@ -308,13 +308,13 @@ describe R509::OCSP::Responder::Server do
     Dependo::Registry[:cache_headers] = false
 
     now = Time.now
-    Time.stub!(:now).and_return(now)
+    Time.stub(:now).and_return(now)
 
     @redis.should_receive(:hgetall).with("cert:/C=US/ST=Illinois/L=Chicago/O=Ruby CA Project/CN=Test CA:872625873161273451176241581705670534707360122361").and_return({"status" => R509::Validity::VALID})
     @stats.should_receive(:record).with("/C=US/ST=Illinois/L=Chicago/O=Ruby CA Project/CN=Test CA", "872625873161273451176241581705670534707360122361", "VALID")
 
     get '/MHsweTBSMFAwTjAJBgUrDgMCGgUABBQ4ykaMB0SN9IGWx21tTHBRnmCnvQQUeXW7hDrLLN56Cb4xG0O8HCpNU1gCFQCY2eXAtMNzVS33fF0PHrUSjklF%2BaIjMCEwHwYJKwYBBQUHMAECBBIEEDTJniOQonxCRmmHAHCVstw%3D'
-    ocsp_response = R509::OCSP::Response.parse(last_response.body)
+    R509::OCSP::Response.parse(last_response.body)
     last_response.headers.size.should == 2
   end
 
@@ -323,7 +323,7 @@ describe R509::OCSP::Responder::Server do
     Dependo::Registry[:max_cache_age] = 600
 
     now = Time.now
-    Time.stub!(:now).and_return(now)
+    Time.stub(:now).and_return(now)
 
     @redis.should_receive(:hgetall).with("cert:/C=US/ST=Illinois/L=Chicago/O=R509, Ltd/CN=R509 Secondary Test CA:773553085290984246110251380739025914079776985795").and_return({"status" => R509::Validity::VALID})
     @stats.should_receive(:record).with("/C=US/ST=Illinois/L=Chicago/O=R509, Ltd/CN=R509 Secondary Test CA", "773553085290984246110251380739025914079776985795", "VALID")
@@ -342,7 +342,7 @@ describe R509::OCSP::Responder::Server do
     Dependo::Registry[:max_cache_age] = 950000
 
     now = Time.now
-    Time.stub!(:now).and_return(now)
+    Time.stub(:now).and_return(now)
 
     @redis.should_receive(:hgetall).with("cert:/C=US/ST=Illinois/L=Chicago/O=R509, Ltd/CN=R509 Secondary Test CA:773553085290984246110251380739025914079776985795").and_return({"status" => R509::Validity::VALID})
     @stats.should_receive(:record).with("/C=US/ST=Illinois/L=Chicago/O=R509, Ltd/CN=R509 Secondary Test CA", "773553085290984246110251380739025914079776985795", "VALID")
@@ -377,7 +377,7 @@ describe R509::OCSP::Responder::Server do
 
     der = Base64.decode64(URI.decode("MFYwVDBSMFAwTjAJBgUrDgMCGgUABBQ4ykaMB0SN9IGWx21tTHBRnmCnvQQUeXW7hDrLLN56Cb4xG0O8HCpNU1gCFQC4IG5U4zC4RYb4VQ%2B2f0zCoFCvNg%3D%3D"))
     post '/', der, "CONTENT_TYPE" => "application/ocsp-request"
-    ocsp_response = R509::OCSP::Response.parse(last_response.body)
+    R509::OCSP::Response.parse(last_response.body)
     last_response.content_type.should == "application/ocsp-response"
     last_response.headers.size.should == 2
     last_response.should be_ok
@@ -391,18 +391,19 @@ describe R509::OCSP::Responder::Server do
 
     der = Base64.decode64(URI.decode("MFYwVDBSMFAwTjAJBgUrDgMCGgUABBQ4ykaMB0SN9IGWx21tTHBRnmCnvQQUeXW7hDrLLN56Cb4xG0O8HCpNU1gCFQC4IG5U4zC4RYb4VQ%2B2f0zCoFCvNg%3D%3D"))
     post '/', der, "CONTENT_TYPE" => "application/ocsp-request"
-    ocsp_response = R509::OCSP::Response.parse(last_response.body)
+    R509::OCSP::Response.parse(last_response.body)
     last_response.content_type.should == "application/ocsp-response"
     last_response.headers.size.should == 2
     last_response.should be_ok
   end
 
+=begin
+  # this test is disabled because it is unreliable. Signal testing this way is
+  # probably wrong.
   it "should reload and print config when receiving a SIGUSR2" do
-    config = double("config")
-    stub_const("R509::OCSP::Responder::OCSPConfig",config)
-    #R509::OCSP::Responder::OCSPConfig = double("config")
     R509::OCSP::Responder::OCSPConfig.should_receive(:load_config)
     R509::OCSP::Responder::OCSPConfig.should_receive(:print_config)
     Process.kill :USR2, Process.pid
   end
+=end
 end

data/spec/signer_spec.rb

@@ -46,8 +46,8 @@ describe R509::OCSP::Signer do
     request_response[:response].status.should == OpenSSL::OCSP::RESPONSE_STATUS_SUCCESSFUL
     request_response[:response].verify(@ocsp_delegate_config.ca_cert.cert).should == true
     #TODO Better way to check whether we're adding the certs when signing the basic_response than response size...
-    request_response[:response].to_der.size.should >= 1500
-    request_response[:response].to_der.size.should <= 1800
+    request_response[:response].to_der.size.should be >= 1500
+    request_response[:response].to_der.size.should be <= 1800
   end
   it "responds successfully for a subroot (signing via subroot)" do
     ocsp_handler = R509::OCSP::Signer.new( :configs => R509::Config::CAConfigPool.new('testca' => @test_ca_subroot_config) )
@@ -85,8 +85,8 @@ describe R509::OCSP::Signer do
     request_response[:response].status.should == OpenSSL::OCSP::RESPONSE_STATUS_SUCCESSFUL
     request_response[:response].verify(@ocsp_chain_config.ca_cert.cert).should == true
     #TODO Better way to check whether we're adding the certs when signing the basic_response than response size...
-    request_response[:response].to_der.size.should >= 3600
-    request_response[:response].to_der.size.should <= 3900
+    request_response[:response].to_der.size.should be >= 3600
+    request_response[:response].to_der.size.should be <= 3900
   end
   it "responds successfully from the test_ca" do
     csr = R509::CSR.new( :subject => [['CN','ocsptest.r509.local']], :bit_strength => 1024 )
@@ -101,7 +101,7 @@ describe R509::OCSP::Signer do
     request_response[:request].should_not be_nil
   end
   it "responds successfully from an elliptic curve CA" do
-    csr = R509::CSR.new( :subject => [['CN','ocspectest.r509.local']], :type => :ec )
+    csr = R509::CSR.new( :subject => [['CN','ocspectest.r509.local']], :type => "EC" )
     ca = R509::CertificateAuthority::Signer.new(@test_ca_ec_config)
     cert = ca.sign(:csr => csr, :profile_name => 'server')
     ocsp_request = OpenSSL::OCSP::Request.new

data/spec/spec_helper.rb

@@ -1,6 +1,9 @@
-if (RUBY_VERSION.split('.')[1].to_i > 8 || RUBY_VERSION.split('.')[0].to_i > 1)
-  require 'simplecov'
-  SimpleCov.start
+require 'simplecov'
+SimpleCov.start
+begin
+    require 'coveralls'
+      Coveralls.wear!
+rescue LoadError
 end
 
 $:.unshift File.expand_path("../../lib", __FILE__)

metadata

@@ -1,174 +1,175 @@
 --- !ruby/object:Gem::Specification
 name: r509-ocsp-responder
 version: !ruby/object:Gem::Version
-  version: 0.3.2
-  prerelease: 
+  version: 0.3.3
 platform: ruby
 authors:
 - Paul Kehrer
 autorequire: 
 bindir: bin
-cert_chain: []
-date: 2013-04-16 00:00:00.000000000 Z
+cert_chain:
+- |
+  -----BEGIN CERTIFICATE-----
+  MIIDhTCCAm2gAwIBAgIBATANBgkqhkiG9w0BAQUFADBEMRYwFAYDVQQDDA1wYXVs
+  Lmwua2VocmVyMRUwEwYKCZImiZPyLGQBGRYFZ21haWwxEzARBgoJkiaJk/IsZAEZ
+  FgNjb20wHhcNMTMxMjA2MDAzNTU0WhcNMTQxMjA2MDAzNTU0WjBEMRYwFAYDVQQD
+  DA1wYXVsLmwua2VocmVyMRUwEwYKCZImiZPyLGQBGRYFZ21haWwxEzARBgoJkiaJ
+  k/IsZAEZFgNjb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDLVC6U
+  0ZyX4C4HllJxHW0Uq39bvRvfNXc0RXMSvIRklxjupx3EICVATpAJzg4qBxbpxRTe
+  XcsmuYfaZAriSH2M97C2sBJnVEAr63ws2vmBQKw9cXHV3RjQTeqQUTQudE790DTI
+  7pc1ObprB4pM2j3O6JtPVzmJ/PGACjtyg4bys6bx7JQJW5liunK26mS6w6mAAcAV
+  scAz7oh6fmOI0OSS45l3ycOEh5sb42cZzs7TNzcvVmEppTRa4wBP4/eDTuohxlPH
+  skuIPWcdU6YTo2LWwqEaGgUItj8lRqXGDcEZ1FhKyZ6HUD3l1zPGxojW8BKr0Svj
+  /cMP+y0YH5OeoD+vAgMBAAGjgYEwfzAJBgNVHRMEAjAAMAsGA1UdDwQEAwIEsDAd
+  BgNVHQ4EFgQURv1xuy9aKzcxwxkGiL/e4UYCWGowIgYDVR0RBBswGYEXcGF1bC5s
+  LmtlaHJlckBnbWFpbC5jb20wIgYDVR0SBBswGYEXcGF1bC5sLmtlaHJlckBnbWFp
+  bC5jb20wDQYJKoZIhvcNAQEFBQADggEBADsnINhvXWJ8r7U02fzbmOitcDZOlCnN
+  jtyYfzDbYtEnQCpBCHhpNC8SVI3OUgGJbrb5Debs0f1UxrYsGn0u8LsLu6xmst+D
+  zZdxtzvnsqowLw2dCzXow0CGwBGcWq38Wqn0v/ez3otQBj2GGGV0jyLUoRWfMwTK
+  dqbGuJ0s/ZORipbl4jdfucPbrGPQHmf8/H8w0/kH7tBnhcyGI1exBSQexiu2qRqP
+  wQ9nsK5DoJSWf5vG8Xu/TEnv2Gu8z6T4wBrbIr20EYu6lb0i5ekGhrHOcaPRI6X9
+  lYMLMTFSyjE66v5QiUlZ9V4oV6O/MPS9fXPxog3TCsYpgfsgA+RlO8I=
+  -----END CERTIFICATE-----
+date: 2014-01-26 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: r509
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: redis
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: r509-validity-redis
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: 0.4.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: 0.4.0
 - !ruby/object:Gem::Dependency
   name: sinatra
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: dependo
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '2.11'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '2.11'
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: syntax
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: rack-test
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: simplecov
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 description: A ruby OCSP responder using Sinatra and redis. RFC 2560 and 5019 compliant.
@@ -183,6 +184,7 @@ files:
 - lib/r509/ocsp/responder/server.rb
 - lib/r509/ocsp/responder/version.rb
 - lib/r509/ocsp/signer.rb
+- spec/fixtures.rb
 - spec/fixtures/cert1.pem
 - spec/fixtures/config_test_various.yaml
 - spec/fixtures/ocsptest.r509.local.pem
@@ -205,57 +207,30 @@ files:
 - spec/fixtures/test_ca_subroot_ocsp.cer
 - spec/fixtures/test_ca_subroot_ocsp.key
 - spec/fixtures/test_config.yaml
-- spec/fixtures.rb
 - spec/server_spec.rb
 - spec/signer_spec.rb
 - spec/spec_helper.rb
-- doc/_index.html
-- doc/class_list.html
-- doc/css/common.css
-- doc/css/full_list.css
-- doc/css/style.css
-- doc/file.README.html
-- doc/file_list.html
-- doc/frames.html
-- doc/index.html
-- doc/js/app.js
-- doc/js/full_list.js
-- doc/js/jquery.js
-- doc/method_list.html
-- doc/R509/Ocsp/Helper/RequestChecker.html
-- doc/R509/Ocsp/Helper/ResponseSigner.html
-- doc/R509/Ocsp/Helper.html
-- doc/R509/Ocsp/Responder/OcspConfig.html
-- doc/R509/Ocsp/Responder/Server.html
-- doc/R509/Ocsp/Responder/StatusError.html
-- doc/R509/Ocsp/Responder.html
-- doc/R509/Ocsp/Signer.html
-- doc/R509/Ocsp.html
-- doc/R509.html
-- doc/top-level-namespace.html
 homepage: http://langui.sh
 licenses: []
+metadata: {}
 post_install_message: 
 rdoc_options: []
 require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
-  none: false
   requirements:
-  - - ! '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: 1.9.3
 required_rubygems_version: !ruby/object:Gem::Requirement
-  none: false
   requirements:
-  - - ! '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 1.8.23
+rubygems_version: 2.2.0
 signing_key: 
-specification_version: 3
+specification_version: 4
 summary: A (relatively) simple OCSP responder written to work with r509
 test_files: []
-has_rdoc: